Description
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable
Remediation
References
Related Vulnerabilities
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-15882)
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-28169)
MySQL CVE-2022-21297 Vulnerability (CVE-2022-21297)
PHP Other Vulnerability (CVE-2003-0442)
Internet Information Services CVE-2008-0074 Vulnerability (CVE-2008-0074)